ActiveX gets its own month of bugs
Symantec has confirmed flaws in its most popular consumer security software that could give attackers the means to hijack the Windows PCs that the programs are supposed to protect.
The vulnerabilities are in an ActiveX control that ships with several products, including Norton AntiVirus, Norton Internet Security, Norton SystemWorks and Norton 360.
Ironically, Symantec analysts have both cited the popularity of ActiveX bugs and urged caution when using the controls in comments about other companies’ product flaws.
According to alerts released Wednesday by VeriSign Inc.’s iDefense, the ActiveX control “SymAData.dll” sports two vulnerabilities that could be used “to execute arbitrary code with the privileges of the currently logged in user” by attackers able to entice victims to malicious Web sites.